Box: Considerations for Use

Box is a contracted-for service obtained through a partnership with a consortium of higher education institutions. The agreement includes confidentiality and data security provisions. Box provides a secure environment in which to maintain or share the university’s sensitive unregulated data, as well as some kinds of sensitive regulated data. WUSTL IT leadership has determined that hosted Box is a reliable, secure and credible service. When used in compliance with university policies for information security, computer use and the code of conduct, and subject to the considerations in this document, the hosted services should be considered an extension of internally provided services.

Social Security Numbers (SSN) and other personal identify information should only be used where required by law or where they are essential for university business processes. If you must use SSNs, it is preferred that you use institutional resources designed to house this data. IS&T can help you explore appropriate storage locations or work with you to appropriately encrypt the data if those alternatives will not work for you.

These Box.net applications may not be used for Export Controlled Research because Box cannot ensure that only U.S. persons have access to or maintain their systems. Data will be stored in U.S. based data centers only and all data is stored in an encrypted form.

We believe that Box is compliant with most grants, although specific grant rules for data management should be checked prior to use for research data.

* “Appropriate With Assistance” indicates that storing this type of data in the Box system is appropriate after consulting with your local IT support staff to make sure you understand best practices regarding storing and sharing sensitive data within Box.

Information Security Policies – Technical